The following issues were found
arch/powerpc/platforms/pseries/hotplug-memory.c
4 issues
Line: 59
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* We now know the size of memory@0, use this to find
* the first memoryblock and get its size.
*/
char buf[64];
sprintf(buf, "/memory@%x", memzero_size);
np = of_find_node_by_path(buf);
if (np) {
if (!of_address_to_resource(np, 0, &r))
Reported by FlawFinder.
Line: 61
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
*/
char buf[64];
sprintf(buf, "/memory@%x", memzero_size);
np = of_find_node_by_path(buf);
if (np) {
if (!of_address_to_resource(np, 0, &r))
memblock_size = resource_size(&r);
of_node_put(np);
Reported by FlawFinder.
Line: 96
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return NULL;
}
memcpy(new_prop->value, prop->value, prop->length);
new_prop->length = prop_size;
of_property_set_flag(new_prop, OF_DYNAMIC);
return new_prop;
}
Reported by FlawFinder.
Line: 146
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy the new associativity into the lookup array */
index = aa_arrays * aa_array_entries + 2;
memcpy(&assoc_arrays[index], &lmb_assoc[1], aa_array_sz);
of_update_property(dr_node, new_prop);
/*
* The associativity lookup array index for this lmb is
Reported by FlawFinder.
arch/x86/platform/efi/efi_64.c
4 issues
Line: 119
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pgd_k = pgd_offset_k(PAGE_OFFSET);
num_entries = pgd_index(EFI_VA_END) - pgd_index(PAGE_OFFSET);
memcpy(pgd_efi, pgd_k, sizeof(pgd_t) * num_entries);
pgd_efi = efi_pgd + pgd_index(EFI_VA_END);
pgd_k = pgd_offset_k(EFI_VA_END);
p4d_efi = p4d_offset(pgd_efi, 0);
p4d_k = p4d_offset(pgd_k, 0);
Reported by FlawFinder.
Line: 127
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p4d_k = p4d_offset(pgd_k, 0);
num_entries = p4d_index(EFI_VA_END);
memcpy(p4d_efi, p4d_k, sizeof(p4d_t) * num_entries);
/*
* We share all the PUD entries apart from those that map the
* EFI regions. Copy around them.
*/
Reported by FlawFinder.
Line: 142
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pud_k = pud_offset(p4d_k, 0);
num_entries = pud_index(EFI_VA_END);
memcpy(pud_efi, pud_k, sizeof(pud_t) * num_entries);
pud_efi = pud_offset(p4d_efi, EFI_VA_START);
pud_k = pud_offset(p4d_k, EFI_VA_START);
num_entries = PTRS_PER_PUD - pud_index(EFI_VA_START);
Reported by FlawFinder.
Line: 148
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pud_k = pud_offset(p4d_k, EFI_VA_START);
num_entries = PTRS_PER_PUD - pud_index(EFI_VA_START);
memcpy(pud_efi, pud_k, sizeof(pud_t) * num_entries);
}
/*
* Wrapper for slow_virt_to_phys() that handles NULL addresses.
*/
Reported by FlawFinder.
arch/mips/mm/init.c
4 issues
Line: 200
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (cpu_has_dc_aliases &&
page_mapcount(page) && !Page_dcache_dirty(page)) {
void *vto = kmap_coherent(page, vaddr) + (vaddr & ~PAGE_MASK);
memcpy(vto, src, len);
kunmap_coherent();
} else {
memcpy(dst, src, len);
if (cpu_has_dc_aliases)
SetPageDcacheDirty(page);
Reported by FlawFinder.
Line: 203
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(vto, src, len);
kunmap_coherent();
} else {
memcpy(dst, src, len);
if (cpu_has_dc_aliases)
SetPageDcacheDirty(page);
}
if (vma->vm_flags & VM_EXEC)
flush_cache_page(vma, vaddr, page_to_pfn(page));
Reported by FlawFinder.
Line: 218
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (cpu_has_dc_aliases &&
page_mapcount(page) && !Page_dcache_dirty(page)) {
void *vfrom = kmap_coherent(page, vaddr) + (vaddr & ~PAGE_MASK);
memcpy(dst, vfrom, len);
kunmap_coherent();
} else {
memcpy(dst, src, len);
if (cpu_has_dc_aliases)
SetPageDcacheDirty(page);
Reported by FlawFinder.
Line: 221
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(dst, vfrom, len);
kunmap_coherent();
} else {
memcpy(dst, src, len);
if (cpu_has_dc_aliases)
SetPageDcacheDirty(page);
}
}
EXPORT_SYMBOL_GPL(copy_from_user_page);
Reported by FlawFinder.
arch/mips/mm/tlbex.c
4 issues
Line: 185
#endif
};
UASM_L_LA(_second_part)
UASM_L_LA(_leave)
UASM_L_LA(_vmalloc)
UASM_L_LA(_vmalloc_done)
/* _tlbw_hazard_x is handled differently. */
UASM_L_LA(_split)
Reported by Cppcheck.
Line: 447
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pr_debug("Wrote TLB refill handler (%u instructions).\n",
(unsigned int)(p - tlb_handler));
memcpy((void *)ebase, tlb_handler, 0x80);
local_flush_icache_range(ebase, ebase + 0x80);
dump_handler("r3000_tlb_refill", (u32 *)ebase, (u32 *)(ebase + 0x80));
}
#endif /* CONFIG_MIPS_PGD_C0_CONTEXT */
Reported by FlawFinder.
Line: 1483
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pr_debug("Wrote TLB refill handler (%u instructions).\n",
final_len);
memcpy((void *)ebase, final_handler, 0x100);
local_flush_icache_range(ebase, ebase + 0x100);
dump_handler("r4000_tlb_refill", (u32 *)ebase, (u32 *)(ebase + 0x100));
}
static void setup_pw(void)
Reported by FlawFinder.
Line: 1588
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
uasm_resolve_relocs(relocs, labels);
memcpy((void *)(ebase + 0x80), tlb_handler, 0x80);
local_flush_icache_range(ebase + 0x80, ebase + 0x100);
dump_handler("loongson3_tlb_refill",
(u32 *)(ebase + 0x80), (u32 *)(ebase + 0x100));
}
Reported by FlawFinder.
arch/parisc/include/asm/pci.h
4 issues
Line: 63
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* REVISIT - spinlock to protect resources? */
#define HBA_NAME_SIZE 16
char io_name[HBA_NAME_SIZE];
char lmmio_name[HBA_NAME_SIZE];
char elmmio_name[HBA_NAME_SIZE];
char gmmio_name[HBA_NAME_SIZE];
};
Reported by FlawFinder.
Line: 64
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define HBA_NAME_SIZE 16
char io_name[HBA_NAME_SIZE];
char lmmio_name[HBA_NAME_SIZE];
char elmmio_name[HBA_NAME_SIZE];
char gmmio_name[HBA_NAME_SIZE];
};
/*
Reported by FlawFinder.
Line: 65
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define HBA_NAME_SIZE 16
char io_name[HBA_NAME_SIZE];
char lmmio_name[HBA_NAME_SIZE];
char elmmio_name[HBA_NAME_SIZE];
char gmmio_name[HBA_NAME_SIZE];
};
/*
** We support 2^16 I/O ports per HBA. These are set up in the form
Reported by FlawFinder.
Line: 66
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char io_name[HBA_NAME_SIZE];
char lmmio_name[HBA_NAME_SIZE];
char elmmio_name[HBA_NAME_SIZE];
char gmmio_name[HBA_NAME_SIZE];
};
/*
** We support 2^16 I/O ports per HBA. These are set up in the form
** 0xbbxxxx, where bb is the bus number and xxxx is the I/O port
Reported by FlawFinder.
arch/arm/kernel/tcm.c
4 issues
Line: 261
CWE codes:
570
u32 tcm_status;
u8 dtcm_banks;
u8 itcm_banks;
size_t dtcm_code_sz = &__edtcm_data - &__sdtcm_data;
size_t itcm_code_sz = &__eitcm_text - &__sitcm_text;
char *start;
char *end;
char *ram;
int ret;
Reported by Cppcheck.
Line: 262
CWE codes:
570
u8 dtcm_banks;
u8 itcm_banks;
size_t dtcm_code_sz = &__edtcm_data - &__sdtcm_data;
size_t itcm_code_sz = &__eitcm_text - &__sitcm_text;
char *start;
char *end;
char *ram;
int ret;
int i;
Reported by Cppcheck.
Line: 328
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
start = &__sdtcm_data;
end = &__edtcm_data;
ram = &__dtcm_start;
memcpy(start, ram, dtcm_code_sz);
pr_debug("CPU DTCM: copied data from %p - %p\n",
start, end);
dtcm_present = true;
} else if (dtcm_code_sz) {
pr_info("CPU DTCM: %u bytes of code compiled to DTCM but no "
Reported by FlawFinder.
Line: 366
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
start = &__sitcm_text;
end = &__eitcm_text;
ram = &__itcm_start;
memcpy(start, ram, itcm_code_sz);
pr_debug("CPU ITCM: copied code from %p - %p\n",
start, end);
itcm_present = true;
} else if (itcm_code_sz) {
pr_info("CPU ITCM: %u bytes of code compiled to ITCM but no "
Reported by FlawFinder.
arch/s390/kernel/cpcmd.c
4 issues
Line: 25
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <asm/io.h>
static DEFINE_SPINLOCK(cpcmd_lock);
static char cpcmd_buf[241];
static int diag8_noresponse(int cmdlen)
{
asm volatile(
" diag %[rx],%[ry],0x8\n"
Reported by FlawFinder.
Line: 72
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmdlen = strlen(cmd);
BUG_ON(cmdlen > 240);
memcpy(cpcmd_buf, cmd, cmdlen);
ASCEBC(cpcmd_buf, cmdlen);
diag_stat_inc(DIAG_STAT_X008);
if (response) {
memset(response, 0, rlen);
Reported by FlawFinder.
Line: 105
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
spin_lock_irqsave(&cpcmd_lock, flags);
len = __cpcmd(cmd, lowbuf, rlen, response_code);
spin_unlock_irqrestore(&cpcmd_lock, flags);
memcpy(response, lowbuf, rlen);
kfree(lowbuf);
} else {
spin_lock_irqsave(&cpcmd_lock, flags);
len = __cpcmd(cmd, response, rlen, response_code);
spin_unlock_irqrestore(&cpcmd_lock, flags);
Reported by FlawFinder.
Line: 70
Column: 11
CWE codes:
126
int rc;
int response_len;
cmdlen = strlen(cmd);
BUG_ON(cmdlen > 240);
memcpy(cpcmd_buf, cmd, cmdlen);
ASCEBC(cpcmd_buf, cmdlen);
diag_stat_inc(DIAG_STAT_X008);
Reported by FlawFinder.
arch/s390/kernel/alternative.c
4 issues
Line: 43
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len / 2
};
memcpy(insns, &brcl, sizeof(brcl));
insns += sizeof(brcl);
len -= sizeof(brcl);
while (len > 0) {
memcpy(insns, &nop16, 2);
Reported by FlawFinder.
Line: 48
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len -= sizeof(brcl);
while (len > 0) {
memcpy(insns, &nop16, 2);
insns += 2;
len -= 2;
}
}
Reported by FlawFinder.
Line: 59
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (len > 6)
add_jump_padding(insns, len);
else if (len >= 2)
memcpy(insns, nops[len / 2 - 1], len);
}
static void __init_or_module __apply_alternatives(struct alt_instr *start,
struct alt_instr *end)
{
Reported by FlawFinder.
Line: 88
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
continue;
}
memcpy(insnbuf, replacement, a->replacementlen);
insnbuf_sz = a->replacementlen;
if (a->instrlen > a->replacementlen) {
add_padding(insnbuf + a->replacementlen,
a->instrlen - a->replacementlen);
Reported by FlawFinder.
arch/powerpc/platforms/pseries/pci.c
4 issues
Line: 39
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (loc_len < sizeof(dev->dev.name)) {
memmove(dev->dev.name+loc_len+1, dev->dev.name,
sizeof(dev->dev.name)-loc_len-1);
memcpy(dev->dev.name, loc_code, loc_len);
dev->dev.name[loc_len] = ' ';
dev->dev.name[sizeof(dev->dev.name)-1] = '\0';
}
}
}
Reported by FlawFinder.
Line: 73
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
addr = rtas_config_addr(pdn->busno, pdn->devfn, 0);
buid = pdn->phb->buid;
spin_lock(&rtas_data_buf_lock);
memcpy(rtas_data_buf, vf_pe_array,
RTAS_DATA_BUF_SIZE);
rc = rtas_call(ibm_map_pes, 5, 1, NULL, addr,
BUID_HI(buid), BUID_LO(buid),
rtas_data_buf,
num_vfs * sizeof(struct pe_map_bar_entry));
Reported by FlawFinder.
Line: 79
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
BUID_HI(buid), BUID_LO(buid),
rtas_data_buf,
num_vfs * sizeof(struct pe_map_bar_entry));
memcpy(vf_pe_array, rtas_data_buf, RTAS_DATA_BUF_SIZE);
spin_unlock(&rtas_data_buf_lock);
if (rc)
dev_err(&pdev->dev,
"%s: Failed to associate pes PE#%lx, rc=%x\n",
Reported by FlawFinder.
Line: 35
Column: 18
CWE codes:
126
const char *loc_code = of_get_property(dn, "ibm,loc-code",
NULL);
if (loc_code) {
int loc_len = strlen(loc_code);
if (loc_len < sizeof(dev->dev.name)) {
memmove(dev->dev.name+loc_len+1, dev->dev.name,
sizeof(dev->dev.name)-loc_len-1);
memcpy(dev->dev.name, loc_code, loc_len);
dev->dev.name[loc_len] = ' ';
Reported by FlawFinder.
arch/mips/sgi-ip22/ip22-int.c
4 issues
Line: 28
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sgint_regs *sgint;
static char lc0msk_to_irqnr[256];
static char lc1msk_to_irqnr[256];
static char lc2msk_to_irqnr[256];
static char lc3msk_to_irqnr[256];
extern int ip22_eisa_init(void);
Reported by FlawFinder.
Line: 29
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sgint_regs *sgint;
static char lc0msk_to_irqnr[256];
static char lc1msk_to_irqnr[256];
static char lc2msk_to_irqnr[256];
static char lc3msk_to_irqnr[256];
extern int ip22_eisa_init(void);
Reported by FlawFinder.
Line: 30
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static char lc0msk_to_irqnr[256];
static char lc1msk_to_irqnr[256];
static char lc2msk_to_irqnr[256];
static char lc3msk_to_irqnr[256];
extern int ip22_eisa_init(void);
static void enable_local0_irq(struct irq_data *d)
Reported by FlawFinder.
Line: 31
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static char lc0msk_to_irqnr[256];
static char lc1msk_to_irqnr[256];
static char lc2msk_to_irqnr[256];
static char lc3msk_to_irqnr[256];
extern int ip22_eisa_init(void);
static void enable_local0_irq(struct irq_data *d)
{
Reported by FlawFinder.